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DETAILED ACTION 

This Office Action is in response to the application filed on 01/21/2004. Claims 1-68 are 
pending and have been examined. 

Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S : C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 16 and 17 are rejected as failing to define the invention in the manner required 
by 35 U.S.C. 112, second paragraph. 

The claim(s) are narrative in form and replete with indefinite and functional or 
operational language. The structure which goes to make up the device must be clearly 
and positively specified. The structure must be organized and correlated in such a 
manner as to present a complete operative device. The claim(s) must be in one 
sentence form only. Note the format of the claims in the patent(s) cited. 

Claims 19 and 48 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. Claim 19 recites "first logic is substantially provided 
in a first device" where its meaning are unclear. This ambiguity renders claim 6 
indefinite. 

Claims 20-24 are also rejected by virtue of their dependencies. 
Claims 49-53 are also rejected by virtue of their dependencies. 
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Claim Rejections • 35 USC § 102 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1-5, 11-13, 25-26, 30-34, 40-42, 54-55, 59, and 66-68 are rejected under 35 
U.S.C. 102(e) as being anticipated by Chung etal. (US 2003/0026462 A1). 

As per claim 1 : 

Chung teaches a method comprising: 

establishing authentication information, said authentication information including 
time information associated with authenticating logic [par. [0079]; lines 5-12; 
"Signature or other biometric data should be captured substantially in "real time" 
with a reliable date/time stamp made part of the signature or other biometric data 
record along with the digitized signature or other biometric"; an authentication 
information includes signature or biometric plus time stamp]; 

with first logic, establishing credential information [par. [0079]; "Signature or 
other biometric data should be captured substantially in "real time" with a 
reliable date/time stamp made part of the signature or other biometric data 
record along with the digitized signature or other biometric"; establishing 
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credential information is equivalent to "signature or other biometric data should 

be captured"]; and 

outputting an authentication request comprising said authentication information 
and said credential information, said authentication request being cryptographically 
modified [par. [0083], "The digitized signature or other biometric and/or other data 
should be encrypted when transmitted over the Internet, e.g., utilizing 128-bit or 
greater encryption coding". An authentication information includes signature or 
biometric plus time stamp should be encrypted when transmitted over the 
internet]. 

As per claim 2: 

Chung teaches the method as recited in claim 1 , wherein said first logic is 
configured to output said authentication request [par. [0083], "The digitized 
signature or other biometric and/or other data should be encrypted when 
transmitted over the Internet, e.g., utilizing 128-bit or greater encryption 
coding"]. 

As per claim 3: 

Chung teaches the method as recited in claim 1, wherein second logic this is 
operatively coupled to said first logic is configured to output said authentication request 
[par. [0083], "The digitized signature or other biometric and/or other data should 
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be encrypted when transmitted over the Internet, e.g., utilizing 128-bit or greater 
encryption coding"; A logic includes a first logic and a second logic]. 

As per claim 4: 

Chung teaches the method as recited in claim 2, further comprising: 

with second logic that is operatively coupled to said first logic, receiving said 
authentication request an outputting a selectively modified authentication request [par. 
[0083], "The digitized signature or other biometric and/or other data should be 
encrypted when transmitted over the Internet, e.g., utilizing 128-bit or greater 
encryption coding"; The logic has capable to select a signature or other biometric 
to output a selectively modified authentication request]. 

As per claim 5: 

Chung teaches the method as recited in claim 1 , further comprising: 

with authenticating logic that is operatively configured to receive said 
authentication request, at least validating said authentication information, and 
authenticating said credential information [fig. 9; par. [0117]; "Upon or after receipt, 
voter registration file 410 is read 420 and the encoded registration information 
412 and digitized signature data 414 are separated 425 from the relational 
encryption code 416, and, if encrypted, are decrypted. The validity of the 
encoded data 412, 414 is then compared 430 to determine whether the data 412 
and/or 414 is/are valid relative to encryption code 416"]. 
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As per claim 11: 

Chung teaches the method as recited in claim 6, wherein said authentication 
request is cryptographically modified by encryption using a private key [par. [0128]; 
lines 5-11; "security for data and information transmitted via networks, the 
Internet and other communication media may be provided by any one or more of 
a relational check code or number, public or private key encryption, a 128-bit 
encryption protocol, or any other encryption and/or data protection scheme, 
whether more or less secure, whether available presently or in the future"; par. 
[0083], "The digitized signature or other biometric and/or other data should be 
encrypted when transmitted over the Internet, e.g., utilizing 128-bit or greater 
encryption coding". An authentication information includes signature or 
biometric plus time stamp should be encrypted by private key when transmitted 
over the internet]. 

As per claims 12. 13: 

A private key is associated with a logic, which includes a first logic and second 
logic. Claims 12 and 13 are rejected with the reason as in claim 1 1 . 

As per claim 25: 

Chung teaches the method as recited in claim 5, wherein said authenticating logic 
is configured to validate said authentication information based on at least nonce data 
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and timestamp data within said authentication information [par. [0079]; lines 5-12; 
"Signature or other biometric data should be captured substantially in "real time" 
with a reliable date/time stamp made part of the signature or other biometric data 
record along with the digitized signature or other biometric"; an authentication 
information includes signature or biometric plus time stamp; fig. 9; par. [0117]; 
"Upon or after receipt, voter registration file 410 is read 420 and the encoded 
registration information 412 and digitized signature data 414 are separated 425 
from the relational encryption code 416, and, if encrypted, are decrypted. The 
validity of the encoded data 412, 414 is then compared 430 to determine whether 
the data 412 and/or 414 is/are valid relative to encryption code 416"]. 

As per claim 26: 

Chung teaches the method as recited in claim 5, wherein said authenticating logic 
is configured to authenticate said credential information by logically comparing said 
credential information with stored credential information [par. [0079]; lines 5-12; 
"Signature or other biometric data should be captured substantially in "real time" 
with a reliable date/time stamp made part of the signature or other biometric data 
record along with the digitized signature or other biometric"; an authentication 
information includes signature or biometric plus time stamp; fig. 9; par. [0117]; 
"Upon or after receipt, voter registration file 410 is read 420 and the encoded 
registration information 412 and digitized signature data 414 are separated 425 
from the relational encryption code 416, and, if encrypted, are decrypted. The 
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validity of the encoded data 412, 414 is then compared 430 to determine whether 
the data 412 and/or 414 is/are valid relative to encryption code 416"; fig. 1; par. 
[0028]; lines 1-11; county level database 20 and central database 30]. 

Claim 30 is essentially the same as claim 1 except that it sets forth the claimed 
invention as computer readable medium rather a method and rejected under the same 
reasons as applied above. 

Claim 31 is essentially the same as claim 2 except that it sets forth the claimed 
invention as computer readable medium rather a method and rejected under the same 
reasons as applied above. 

Claim 32 is essentially the same as claim 3 except that it sets forth the claimed 
invention as computer readable medium rather a method and rejected under the same 
reasons as applied above. 

Claim 33 is essentially the same as claim 4 except that it sets forth the claimed 
invention as computer readable medium rather a method and rejected under the same 
reasons as applied above. 

Claim 34 is essentially the same as claim 5 except that it sets forth the claimed 
invention as computer readable medium rather a method and rejected under the same 
reasons as applied above. 

Claim 40 is essentially the same as claim 1-1 except that it sets forth the claimed 
invention as computer readable medium rather a method and rejected under the same 
reasons as applied above. 
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Claim 41 is essentially the same as claim 12 except that it sets forth the claimed 
invention as computer readable medium rather a method and rejected under the same 
reasons as applied above. 

Claim 42 is essentially the same as claim 13 except that it sets forth the claimed 
invention as computer readable medium rather a method and rejected under the same 
reasons as applied above. 

Claim 54 is essentially the same as claim 25 except that it sets forth the claimed 
invention as computer readable medium rather a method and rejected under the same 
reasons as applied above. 

Claim 55 is essentially the same as claim 26 except that it sets forth the claimed 
invention as computer readable medium rather a method and rejected under the same 
reasons as applied above. 

Claim 59 is essentially the same as claims 1-5 except that it sets forth the claimed 
invention as system rather a method and rejected under the same reasons as applied 
above. 

Claims 66-67 are essentially the same as claim 1 except that it sets forth the claimed 
invention as an apparatus rather a method and rejected under the same reasons as 
applied above. 

Claim 68 is essentially the same as claims 1-5 except that it sets forth the claimed 
invention as an apparatus rather a method and rejected under the same reasons as 
applied above. 
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Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 6-8, 9-10, 14, 19-22, 27, 35-37, 38-39, 43, 48-51, 56, 60-63, and 65 are 

rejected under 35 U.S.C. 103(a) as being unpatentable over Chung et al. (US 
2003/0026462 A1) in view of Stanko (US Patent 20050074126 A1). 

As per claim 6: 

Chung does not explicitly teach an authenticating logic, outputting an 
authentication response comprising authentication approval information and 
corresponding cryptography information. 

However, Stanko teaches an authenticating logic, outputting an authentication 
response comprising authentication approval information and corresponding 
cryptography information [par. [0047]; lines 6-13; "Authentication server 208 can 
use any credentials that can be transmitted across HTTP to authenticate client 
202, including passwords, challenge-response, digital certificates, tokens, smart 
cards, or biometrics, or any combination thereof, and can authenticate against 
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any backend directory via lightweight directory access protocol (LDAP), 
Microsoft Windows NT LAN Manager (NTLM), or another protocol"; par. [0048], 
lines 9-11; An authentication approval information is equivalent to a token (or 
ticket)]. 

Therefore, it would have been obvious to the person of ordinary skill in the art at 
the time the invention was made to modify method of Chung of the invention by 
including the step of Satnko because it would enable client 202 to access secure server 
204A automatically [Stanko, par. [0049], lines 1-2]. 

As per claim 7: 

Stanko teaches the method as recited in claim 6, further comprising: 
with said first logic, accessing at least a portion of said authentication response to 
retrieve said corresponding cryptography information and outputting said retrieved 
cryptography information [par. [0047]; lines 6-13; "Authentication server 208 can 
use any credentials that can be transmitted across HTTP to authenticate client 
202, including passwords, challenge-response, digital certificates, tokens, smart 
cards, or biometrics, or any combination thereof, and can authenticate against 
any backend directory via lightweight directory access protocol (LDAP), 
Microsoft Windows NT LAN Manager (NTLM), or another protocol"; par. [0048], 
lines 9-11; An authentication approval information is equivalent to a token (or 
ticket); A client (i.e. first logic and second logic) has capable to access at least a 
portion of authentication response (i.e. token)]. 
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As per claim 8: 

Stanko teaches the method as recited in claim 7, further comprising: 
with second logic that is operatively coupled to said first logic and said authentication 
logic, accessing at least a portion of said authentication response and using said 
retrieved cryptography information retrieve said authentication approval information 
[par. [0047]; lines 6-13; "Authentication server 208 can use any credentials that 
can be transmitted across HTTP to authenticate client 202, including passwords, 
challenge-response, digital certificates, tokens, smart cards, or biometrics, or 
any combination thereof, and can authenticate against any backend directory via 
lightweight directory access protocol (LDAP), Microsoft Windows NT LAN 
Manager (NTLM), or another protocol"; par. [0048], lines 9-11; An authentication 
approval information is equivalent to a token (or ticket); A client (i.e. first logic 
and second logic) has capable to access at least a portion of authentication 
response (i.e. token or ticket); par. [0049], lines 8-10; "Authentication server 208 
also applies a digital signature to the ticket using a public-private key pair"; 
retrieving cryptograph information can be digital signature]. 

As per claim 9: 

Chung teaches the method as recited in claim 6, further comprising: 

with said second logic, accessing at least a portion of said authentication 
response to retrieve said corresponding cryptography information [par. [0047]; lines 6- 
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13; "Authentication server 208 can use any credentials that can be transmitted 
across HTTP to authenticate client 202, including passwords, challenge- 
response, digital certificates, tokens, smart cards, or biometrics, or any 
combination thereof, and can authenticate against any backend directory via 
lightweight directory access protocol (LDAP), Microsoft Windows NT LAN 
Manager (NTLM), or another protocol". Par. [0048]; Lines 9-11; An authentication 
approval information is equivalent to a token (or ticket); A client (i.e. first logic 
and second logic) has capable to access at least a portion of authentication 
response (i.e. token)]. 

As per claim 10: 

Chung teaches the method as recited in claim 9, further comprising: 

with said second logic, accessing at least a portion of said authentication 
response and using said retrieved cryptography information retrieve said authentication 
approval information [par. [0047]; lines 6-13; "Authentication server 208 can use 
any credentials that can be transmitted across HTTP to authenticate client 202, 
including passwords, challenge-response, digital certificates, tokens, smart 
cards, or biometrics, or any combination thereof, and can authenticate against 
any backend directory via lightweight directory access protocol (LDAP), 
Microsoft Windows NT LAN Manager (NTLM), or another protocol". Par. [0048]; 
Lines 9-11; An authentication approval information is equivalent to a token (or 
ticket); A client (i.e. first logic and second logic) has capable to access at least a 
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portion of authentication response (i.e. token or ticket); par. [0049], lines 8-10; 
"Authentication server 208 also applies a digital signature to the ticket using a 
public-private key pair"; retrieving cryptograph information can be digital 
signature]. 

As per claim 14: 

Stanko teaches the method as recited in claim 1 1 , further comprising: 
with said authenticating logic, retrieving said authentication information and said 
credential information from said authentication request using a public key pair-wise 
associated with said private key [par. [0049]; lines 8-10; par. [0051], lines 5-9; 
"secure server 204A retrieves the public key corresponding to the private key 
used to apply the digital signature to the ticket, uses it to verify the digital 
signature, and grants access to client 202 (that is, establishes the session)"]. 

As per claim 19: 

Chung teaches the method as recited in claim 8, wherein said first logic is 
substantially provided in a first device that includes a credential gathering mechanism 
configurable to establish said credential information, said second logic is provided at 
least partially in a second device, and said authenticating logic is provided at least 
partially in a third device [par. [0079]; lines 5-12; "Signature or other biometric data 
should be captured substantially in "real time" with a reliable date/time stamp 
made part of the signature or other biometric data record along with the digitized 
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signature or other biometric"; establishing credential information is equivalent to 
"signature or other biometric data should be captured"; A logic includes a first 
logic and a second logic; par. [0083]; "The digitized signature or other biometric 
and/or other data should be encrypted when transmitted over the Internet, e.g., 
utilizing 128-bit or greater encryption coding". An authentication information 
includes signature or biometric plus time stamp should be encrypted when 
transmitted over the internet]; 

As per claim 20: 

Chung teaches the method as recited in claim 19, wherein said credential 
gathering mechanism is configurable to establish biometric information [par. [0079]; 
lines 5-12; "Signature or other biometric data should be captured substantially in 
"real time" with a reliable date/time stamp made part of the signature or other 
biometric data record along with the digitized signature or other biometric"]. 

As per claim 21: 

Chung teaches the method as recited in claim 19, wherein said second device 
includes at least one computer operatively configured as a client device, and said third 
device includes a computer operatively configured as a server device [abstract; par. 
[007]; "computer and a server in communication via a network, an intranet 
and/or the Internet, means for entry of data into the computer, and a signature or 
biometric digitizer including coupling software for directly entering digitized 
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signature or biometric data electronically into the computer. The data and 
digitized signature or biometric data may be communicated to the server"; fig. 
3]. 

As per claim 22: 

Chung teaches the method as recited in claim 19, further comprising: 

generating said authentication information using at least one logic selected from 
said second logic and said authenticating logic [par. [0083]; "The digitized signature 
or other biometric and/or other data should be encrypted when transmitted over 
the Internet, e.g., utilizing 128-bit or greater encryption coding"]. 

As per claim 27: 

Stanko teaches the method as recited in claim 8, wherein said authentication 
approval information includes an access token for use by said second device [par. 
[0047]; lines 6-13; "Authentication server 208 can use any credentials that can be 
transmitted across HTTP to authenticate client 202, including passwords, 
challenge-response, digital certificates, tokens, smart cards, or biometrics, or 
any combination thereof, and can authenticate against any backend directory via 
lightweight directory access protocol (LDAP), Microsoft Windows NT LAN 
Manager (NTLM), or another protocol"; par. [0048], lines 9-11; An authentication 
approval information is equivalent to a token (or ticket)]. 
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Claim 35 is essentially the same as claim 6 except that it sets forth the claimed 
invention as computer readable medium rather a method and rejected under the same 
reasons as applied above. 

Claim 36 is essentially the same as claim 7 except that it sets forth the claimed 
invention as computer readable medium rather a method and rejected under the same 
reasons as applied above. 

Claim 37 is essentially the same as claim 8 except that it sets forth the claimed 
invention as computer readable medium rather a method and rejected under the same 
reasons as applied above. 

Claim 38 is essentially the same as claim 9 except that it sets forth the claimed 
invention as computer readable medium rather a method and rejected under the same 
reasons as applied above. 

Claim 39 is essentially the same as claim 10 except that it sets forth the claimed 
invention as computer readable medium rather a method and rejected under the same 
reasons as applied above. 

Claim 43 is essentially the same as claim 14 except that it sets forth the claimed 
invention as computer readable medium rather a method and rejected under the same 
reasons as applied above. 

Claim 48 is essentially the same as claim 19 except that it sets forth the claimed 
invention as computer readable medium rather a method and rejected under the same 
reasons as applied above. 
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Claim 49 is essentially the same as claim 20 except that it sets forth the claimed 
invention as computer readable medium rather a method and rejected under the same 
reasons as applied above. 

Claim 50 is essentially the same as claim 21 except that it sets forth the claimed 
invention as computer readable medium rather a method and rejected under the same 
reasons as applied above. 

Claim 51 is essentially the same as claim 22 except that it sets forth the claimed 
invention as computer readable medium rather a method and rejected under the same 
reasons as applied above. 

Claim 56 is essentially the same as claim 27 except that it sets forth the claimed 
invention as computer readable medium rather a method and rejected under the same 
reasons as applied above. 

Claim 60 is essentially the same as claim 6 except that it sets forth the claimed 
invention as a system rather a method and rejected under the same reasons as applied 
above. 

Claim 61 is essentially the same as claim 27 except that it sets forth the claimed 
invention as a system rather a method and rejected under the same reasons as applied 
above. 

Claim 62 is essentially the same as claims 7-8 except that it sets forth the claimed 
invention as a system rather a method and rejected under the same reasons as applied 
above. 
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Claim 63 is essentially the same as claims 12-14 except that it sets forth the claimed 
invention as a system rather a method and rejected under the same reasons as applied 
above. 

Claim 65 is essentially the same as claims 7-8 except that it sets forth the claimed 
invention as a system rather a method and rejected under the same reasons as applied 
above. 

Claims 15-18, 44-47, and 64 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Chung et al. (US 2003/0026462 A1) and Stanko (US Patent 
20050074126 A1) in view of Goldstein (US 7,185,206 B2). 

As per claim 15: 

Stanko teaches encrypting authentication approval information using said 
temporary key [par. [0047], lines 6-10; par. [0049]; lines 1-10; par. [0051], lines 5-9; 
"secure server 204A retrieves the public key corresponding to the private key 
used to apply the digital signature to the ticket, uses it to verify the digital 
signature, and grants access to client 202 (that is, establishes the session)"]. 

Chung and Stanko do not explicitly teach an authentication establishing a 
temporary and encrypting said temporary key using said public key to form said 
corresponding. 

However, Goldstein teaches an authentication establishing a temporary and 
encrypting said temporary key using said public key to form said corresponding [Col. 4, 
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lines 35-44; "Most systems use a combination of public-key and symmetry. 

when two computers initiate a secure session, one computer creates a 

symmetric key and sends it to the other computer using public-key encryption. 

The two computers can then communicate using symmetric-key encryption. 

After the session is finished, each computer discards the symmetric key used 

for that session. Any additional sessions require that a new symmetric key be 

created, and the process is repeated"]; 

Therefore, it would have been obvious to the person of ordinary skill in the art at 
the time the invention was made to modify method of Chung and Stanko of the 
invention by including the step of Goldstein because it would provide to encrypt 
information to make it secure [Goldstein, Col. 3, lines 62-62]. 

As per claim 16: 

Goldstein teaches the method as recited in claim 15, further comprising: 

with said second logic, providing said encrypted temporary key to said first logic; 
and with said first logic, retrieving said temporary key from said encrypted temporary 
key using said private key [Col. 4, lines 35-44; A client includes a first logic and 
second logic]. 



As per claim 17: 

Goldstein teaches the method as recited in claim 16, further comprising: 
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with said first logic, providing said retrieved temporary key to said second logic; 
and with said second logic, retrieving said authentication approval information using 
said retrieved temporary key [Col. 4, lines 35-44; A client includes a first logic and 
second logic]. 

As per claim 18: 

Goldstein teaches the method as recited in claim 15, wherein said temporary key 
includes a symmetric key [Col. 4, lines 35-36; "most systems use a combination of 
public-key and symmetric"]. 

Claim 44 is essentially the same as claim 15 except that it sets forth the claimed 
invention as computer readable medium rather a method and rejected under the same 
reasons as applied above. 

Claim 45 is essentially the same as claim 16 except that it sets forth the claimed 
invention as computer readable medium rather a method and rejected under the same 
reasons as applied above. 

Claim 46 is essentially the same as claim 17 except that it sets forth the claimed 
invention as computer readable medium rather a method and rejected under the same 
reasons as applied above. 

Claim 47 is essentially the same as claim 18 except that it sets forth the claimed 
invention as computer readable medium rather a method and rejected under the same 
reasons as applied above. 
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Claim 64 is essentially the same as claims 15-17 except that it sets forth the claimed 
invention as a system rather a method and rejected under the same reasons as applied 
above. 

Claims 23-24, 52-53 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Chung et al. (US 2003/0026462 A1) in view of Stanko (US Patent 20050074126 A1) in 
view of Howard et al. (US 2004/0103064 A1). 

As per claim 23: 

Chung and Stanko do not explicitly teach a second logic modifies said 
authentication request by including certificate information in a modified authentication 
request. 

However, Howard teaches second logic modifies said authentication request by 
including certificate information in a modified authentication request [par. [0018], lines 
5-8; "User PC 10 then contacts authentication server 30 through Internet 20 A 
serial number 48 and an encrypted certificate 49 are sent to authentication 
server 30"]. 

Therefore, it would have been obvious to the person of ordinary skill in the art at 
the time the invention was made to modify method of Chung and Stanko of the 
invention by including the step of Howard because it would help to reduce fraud through 
password sharing associated with the prior art method of access [Howard, par. [0013], 
lines 12-15]. 



« 
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As per claim 24: 

Howard teaches the method as recited in claim 23, wherein said authenticating 
logic is configured to validate said authentication request based at least in part on said 
certificate information [par. [0020], lines 6-8; "When authentication server 30 
receives serial number 48 and encrypted certificate 49, it can apply master key 
53 to verify the identity of smart card 14"]. 

Claim 52 is essentially the same as claim 23 except that it sets forth the claimed 
invention as computer readable medium rather a method and rejected under the same 
reasons as applied above. 

Claim 53 is essentially the same as claim 24 except that it sets forth the claimed 
invention as computer readable medium rather a method and rejected under the same 
reasons as applied above. 

Claims 28-29, 57-58 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Chung et al. (US 2003/0026462 A1) in view of Bull et al. (US 6,799,270 B1). 



As per claim 28: 

Chung teaches time information including timestamp data as described in claim 1 
but he does not teach authentication information includes nonce data. 
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However, Bull teaches authentication request includes nonce data [Col. 6, lines 
44-47; "The nonce Na is a value randomly generated by the client node A 14 that 
uniquely identifies the authentication request at client node A 14"]. 

Therefore, it would have been obvious to the person of ordinary skill in the art at 
the time the invention was made to combine of Chung of the invention by including the 
step of Bull because it would be obvious to use nonce data for each authentication 
request [Col. 6, lines 44-47; Bull]. 

As per claim 29: 

Chung teaches authentication request includes data comprising identifier data, 
signature data, timestamp data, and credential data as described in claim 1 but he does 
not teach nonce data. 

However, Bull teaches authentication request including nonce data [Col. 6, lines 
44-47]. 

Therefore, it would have been obvious to the person of ordinary skill in the art at 
the time the invention was made to modify method of Chung of the invention by 
including the step of Bull because it would be obvious to use nonce data for each 
authentication request [Col. 6, lines 44-47; Bull]. 

Claim 57 is essentially the same as claim 28 except that it sets forth the claimed 
invention as computer readable medium rather a method and rejected under the same 
reasons as applied above. 
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Claim 58 is essentially the same as claim 29 except that it sets forth the claimed 
invention as computer readable medium rather a method and rejected under the same 
reasons as applied above. 

Conclusion 

The prior arts made of record and not relied upon are considered pertinent to 
applicant's disclosure. 

US 5,790,677 A to Fox et al.; 

US 6,327,578 B1 to Linehan, Mark; 

US 6,330,677 B1 to Madoukh, Ashraf T.; 

US 2003/0115452 A1 to Sandhu et al.; 

US 2004/0172531 A1 to Little et al.; 

US 2004/0250085 A1 to Tattan et al.; 

US 2005/0021969 A1 to Williams et al.; 

US 2004/0044385 A1 to Holdswork, John. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Canh Le whose telephone number is 571-270-1380. 
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The examiner can normally be reached on Monday to Friday 7:30AM to 5:00PM other 
Friday off. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Canh Le 
August 21 , 2007 



/ Ayaz sheikh 

SUPERVISORY PATENT EXAMINER 
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